Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5254

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-5254
Last Modified 15 Nov 2008 02:00:18
Published 06 Oct 2007 01:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5254

Summary

VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe.

Vulnerable Systems

Application

  • Virusblokada Vba32 Antivirus 3.12.2


References

CONFIRM - http://www.anti-virus.by/en/

BID - 25930

OSVDB - 37991

FULLDISC - 20071004 Vba32 AntiVirus v3.12.2 insecure file permissions

SECUNIA - 27094


Last Updated: 27 May 2016 10:46:08